Changeset 6575 for TI12-security


Timestamp:
15/02/10 12:39:45 (10 years ago)
Author:
pjkersha
Message:

Changes for addition of AuthzDecisionQuery WSGI interface (Authorisation service)

Location:
TI12-security/trunk/NDGSecurity/python
Files:
1 deleted
14 edited

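--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/authz/__init__.py
@@ -753,5 +753,5 @@
     Information Point interface.  This retrieves attributes over the SOAP/SAML 
     Attribute Authority interface  
-    (ndg.security.server.wsgi.saml.SOAPAttributeInterfaceMiddleware) and caches  
+    (ndg.security.server.wsgi.saml.attributeinterface.SOAPAttributeInterfaceMiddleware) and caches  
     SAML Assertions in a  
     ndg.security.common.credentialWallet.SAMLCredentialWallet 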
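--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/attributeinterface.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/attributeinterface.py
@@ -39,6 +39,5 @@
    
 class SOAPAttributeInterfaceMiddleware(SOAPMiddleware, NDGSecurityPathFilter): 
-    """Implementation of SAML 2.0 SOAP Binding for Assertion Query/Request 
-    Profile 
+    """Implementation of SAML 2.0 SOAP Binding for Attribute Query 
      
     @type PATH_OPTNAME: basestring 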
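--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/authzinterface.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/authzinterface.py
@@ -36,7 +36,7 @@
  
    
-class SOAPAuthzDecisionInterfaceMiddleware(SOAPMiddleware, NDGSecurityPathFilter): 
-    """Implementation of SAML 2.0 SOAP Binding for Assertion Query/Request 
-    Profile 
+class SOAPAuthzDecisionInterfaceMiddleware(SOAPMiddleware,  
+                                           NDGSecurityPathFilter): 
+    """Implementation of SAML 2.0 SOAP Binding for Authorisation Decision Query 
      
     @type PATH_OPTNAME: basestring 
@@ -54,5 +54,6 @@
     QUERY_INTERFACE_KEYNAME_OPTNAME = "queryInterfaceKeyName" 
     DEFAULT_QUERY_INTERFACE_KEYNAME = ("ndg.security.server.wsgi.saml." 
-                            "SOAPAuthzDecisionInterfaceMiddleware.queryInterface") 
+                                       "SOAPAuthzDecisionInterfaceMiddleware." 
+                                       "queryInterface") 
      
     def __init__(self, app): 
@@ -76,11 +77,10 @@
         self.__queryInterfaceKeyName = None 
          
-        self.pathMatchList = app_conf.get( 
-            prefix + SOAPAuthzDecisionInterfaceMiddleware.PATH_OPTNAME, ['/']) 
+        cls = SOAPAuthzDecisionInterfaceMiddleware 
+        self.pathMatchList = app_conf.get(prefix + cls.PATH_OPTNAME, ['/']) 
                     
-        self.queryInterfaceKeyName = app_conf.get(prefix + \ 
-            SOAPAuthzDecisionInterfaceMiddleware.QUERY_INTERFACE_KEYNAME_OPTNAME, 
-            prefix + \ 
-            SOAPAuthzDecisionInterfaceMiddleware.DEFAULT_QUERY_INTERFACE_KEYNAME) 
+        self.queryInterfaceKeyName = app_conf.get( 
+            prefix + cls.QUERY_INTERFACE_KEYNAME_OPTNAME, 
+            prefix + cls.DEFAULT_QUERY_INTERFACE_KEYNAME) 
          
     @classmethod 
@@ -109,6 +109,6 @@
     def _setQueryInterfaceKeyName(self, value): 
         if not isinstance(value, basestring): 
-            raise TypeError('Expecting string type for "queryInterfaceKeyName"' 
-                            ' got %r' % value) 
+            raise TypeError('Expecting string type for "queryInterfaceKeyName" ' 
+                            'got %r' % value) 
              
         self.__queryInterfaceKeyName = value 
@@ -116,6 +116,6 @@
     queryInterfaceKeyName = property(fget=_getQueryInterfaceKeyName,  
                                      fset=_setQueryInterfaceKeyName,  
-                                     doc="environ keyname for Attribute Query " 
-                                         "interface") 
+                                     doc="environ keyname for Authorisation " 
+                                         "Decision Query interface") 
  
     def _getIssuerName(self): 
@@ -150,12 +150,12 @@
         soapRequestStream = environ.get('wsgi.input') 
         if soapRequestStream is None: 
-            raise SOAPAuthzDecisionInterfaceMiddlewareError('No "wsgi.input" in ' 
-                                                        'environ') 
+            raise SOAPAuthzDecisionInterfaceMiddlewareError('No "wsgi.input" ' 
+                                                            'in environ') 
          
         # TODO: allow for chunked data 
         contentLength = environ.get('CONTENT_LENGTH') 
         if contentLength is None: 
-            raise SOAPAuthzDecisionInterfaceMiddlewareError('No "CONTENT_LENGTH" ' 
-                                                        'in environ') 
+            raise SOAPAuthzDecisionInterfaceMiddlewareError( 
+                                            'No "CONTENT_LENGTH" in environ') 
  
         contentLength = int(contentLength)         
@@ -166,7 +166,7 @@
         soapRequest.parse(StringIO(soapRequestTxt)) 
          
-        # Filter based on SOAP Body content - expecting an AttributeQuery 
+        # Filter based on SOAP Body content - expecting an AuthzDecisionQuery 
         # element 
-        if not SOAPAuthzDecisionInterfaceMiddleware.isAttributeQuery( 
+        if not SOAPAuthzDecisionInterfaceMiddleware.isAuthzDecisionQuery( 
                                                             soapRequest.body): 
             # Reset wsgi.input for middleware and app downstream 
@@ -174,14 +174,14 @@
             return self._app(environ, start_response) 
          
-        log.debug("SOAPAuthzDecisionInterfaceMiddleware.__call__: received SAML " 
-                  "SOAP AttributeQuery ...") 
+        log.debug("SOAPAuthzDecisionInterfaceMiddleware.__call__: received " 
+                  "SAML SOAP AuthzDecisionQuery ...") 
         
-        attributeQueryElem = soapRequest.body.elem[0] 
+        authzDecisionQueryElem = soapRequest.body.elem[0] 
          
         try: 
-            attributeQuery = AttributeQueryElementTree.fromXML( 
-                                                            attributeQueryElem) 
+            authzDecisionQuery = AuthzDecisionQueryElementTree.fromXML( 
+                                                        authzDecisionQueryElem) 
         except UnknownAttrProfile, e: 
-            log.exception("Parsing incoming attribute query: " % e) 
+            log.exception("Parsing incoming authorisation decision query: " % e) 
             samlResponse = self._makeErrorResponse( 
                                         StatusCode.UNKNOWN_ATTR_PROFILE_URI) 
@@ -195,5 +195,5 @@
             
             # Call query interface         
-            samlResponse = queryInterface(attributeQuery) 
+            samlResponse = queryInterface(authzDecisionQuery) 
          
         # Add mapping for ESG Group/Role Attribute Value to enable ElementTree 
@@ -216,6 +216,6 @@
         response = soapResponse.serialize() 
          
-        log.debug("SOAPAuthzDecisionInterfaceMiddleware.__call__: sending response " 
-                  "...\n\n%s", 
+        log.debug("SOAPAuthzDecisionInterfaceMiddleware.__call__: " 
+                  "sending response ...\n\n%s", 
                   response) 
         start_response("200 OK", 
@@ -225,18 +225,17 @@
      
     @classmethod 
-    def isAttributeQuery(cls, soapBody): 
-        """Check for AttributeQuery in the SOAP Body""" 
+    def isAuthzDecisionQuery(cls, soapBody): 
+        """Check for AuthzDecisionQuery in the SOAP Body""" 
          
         if len(soapBody.elem) != 1: 
             # TODO: Change to a SOAP Fault? 
-            raise SOAPAuthzDecisionInterfaceMiddlewareError("Expecting single " 
-                                                        "child element in the " 
-                                                        "request SOAP " 
-                                                        "Envelope body") 
+            raise SOAPAuthzDecisionInterfaceMiddlewareError( 
+                    "Expecting single child element in the request SOAP " 
+                    "Envelope body") 
             
         inputQName = QName(soapBody.elem[0].tag)     
-        attributeQueryQName = QName.fromGeneric( 
-                                        AttributeQuery.DEFAULT_ELEMENT_NAME) 
-        return inputQName == attributeQueryQName 
+        authzDecisionQueryQName = QName.fromGeneric( 
+                                        AuthzDecisionQuery.DEFAULT_ELEMENT_NAME) 
+        return inputQName == authzDecisionQueryQName 
  
     def _makeErrorResponse(self, code): 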
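Review bot: The `log.exception` call in the `except UnknownAttrProfile` branch of `__call__` applies `%` to a format string that has no conversion specifier, so it raises `TypeError` before `_makeErrorResponse` runs and the requester gets an unhandled server error instead of a SAML status. Pass the exception as a logging argument instead: `log.exception("Parsing incoming authorisation decision query: %s", e)`. The handler also looks carried over from the attribute interface, since `UnknownAttrProfile` and `StatusCode.UNKNOWN_ATTR_PROFILE_URI` describe attribute queries; it is worth confirming which exceptions `AuthzDecisionQueryElementTree.fromXML` raises on malformed input and mapping them to a requester-error response, so that a bad decision query is rejected explicitly. The body of `__call__` extends beyond the hunks shown, so the rest of the try block is not visible here.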
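--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/attributeCertificateLog/ac.xml
@@ -3,12 +3,12 @@
     <acInfo> 
         <version>1.0</version> 
-        <holder></holder> 
+        <holder>/CN=client/O=NDG Security Test/OU=WS-Security Unittest</holder> 
         <issuer>/CN=AttributeAuthority/O=NDG Security Test/OU=Site A</issuer> 
         <issuerName>Site A</issuerName> 
         <issuerSerialNumber>253</issuerSerialNumber>  
-        <userId>ndg-user</userId> 
+        <userId>system</userId> 
         <validity> 
-            <notBefore>2010 01 20 08 54 54</notBefore>  
-            <notAfter>2010 01 20 16 54 54</notAfter>  
+            <notBefore>2010 02 15 11 31 46</notBefore>  
+            <notAfter>2010 02 15 19 31 46</notAfter>  
         </validity> 
         <attributes> 
@@ -33,7 +33,7 @@
         <provenance>original</provenance>  
     </acInfo> 
-<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>s1dB/p8Cl1SmY0/Jcq+2z2biXHs=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Sw36kLKRjSro9409KGZ5YPsQrU9FcvkzwO5n3WJ1WQkgDTS2IhGHCW5OB64bL8e3Ub3gdM1WlHC4 
-ybGYfPOuuVfQ4ZHHfLqQMWA9p5ALRmUTAglSt9/uTPYzc8yk7wCWHNYqMDVPHbHwy5MWyAToCHGx 
-rqJRs9WgozMJMugslJk=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
+<ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ds"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xmlns"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>el2WOCy3XQ04rzELN8C+GufvDC4=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>mlKZJckdKXhwpOq0ZsKekoFneVP6T38iLBSgsgSwDUwHqxTTOlBqdkTywaL4lu2Jo1KlzZbeUH/r 
+dUilnOs1zAZcl8BAynbXj2LJuGamxLIEFFQJFT7n7ZxAjVwbhbnajscHe3HEYDOxtQrfv5BDvyb/ 
+lgddNkepm2vHbayEH0c=</ds:SignatureValue><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICBTCCAW6gAwIBAgICAP0wDQYJKoZIhvcNAQEEBQAwLzEMMAoGA1UEChMDTkRH 
 MQ0wCwYDVQQLEwRCQURDMRAwDgYDVQQDEwdUZXN0IENBMB4XDTA4MTIxNTE2MzUy 
 NFoXDTEzMTIxNDE2MzUyNFowSjEaMBgGA1UEChMRTkRHIFNlY3VyaXR5IFRlc3Qx 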
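--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -104,5 +104,5 @@
 # SAML SOAP Binding to the Attribute Authority 
 [filter:AttributeAuthoritySamlSoapBindingFilter] 
-paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory 
+paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory 
 prefix = saml.soapbinding. 
  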
  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/attributeCertificateLog

    • Property svn:ignore
      •  

        old new  
        11ac.xml 
        22ac.xml.1 
         3ac.xml.10 
         4ac.xml.11 
         5ac.xml.12 
         6ac.xml.13 
         7ac.xml.14 
         8ac.xml.15 
         9ac.xml.16 
         10ac.xml.2 
         11ac.xml.3 
         12ac.xml.4 
         13ac.xml.5 
         14ac.xml.6 
         15ac.xml.7 
         16ac.xml.8 
         17ac.xml.9 
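--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/siteb/site-b.ini
@@ -100,5 +100,5 @@
 # SAML SOAP Binding to the Attribute Authority 
 [filter:AttributeAuthoritySamlSoapBindingFilter] 
-paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory 
+paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory 
 prefix = saml.soapbinding. 
  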
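--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini
@@ -406,5 +406,5 @@
 # SAML SOAP Binding to the Attribute Authority 
 [filter:AttributeAuthoritySamlSoapBindingFilter] 
-paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPAttributeInterfaceMiddleware.filter_app_factory 
+paste.filter_app_factory = ndg.security.server.wsgi.saml.attributeinterface:SOAPAttributeInterfaceMiddleware.filter_app_factory 
 prefix = saml.soapbinding. 
  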
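--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.cfg
@@ -11,20 +11,20 @@
 #  use a separate test case class in the test module and is  
 # included here 
-[test01SAMLAttributeQuery] 
+[test01AttributeQuery] 
 uri = http://localhost:5000/AttributeAuthority/saml 
 subject = https://openid.localhost/philip.kershaw 
 siteAttributeName = urn:siteA:security:authz:1.0:attr 
  
-[test02SAMLAttributeQueryInvalidIssuer] 
+[test02AttributeQueryInvalidIssuer] 
 uri = http://localhost:5000/AttributeAuthority/saml 
 subject = https://openid.localhost/philip.kershaw 
 siteAttributeName = urn:siteA:security:authz:1.0:attr 
  
-[test03SAMLAttributeQueryUnknownSubject] 
+[test03AttributeQueryUnknownSubject] 
 uri = http://localhost:5000/AttributeAuthority/saml 
 subject = https://openid.localhost/unknown 
 siteAttributeName = urn:siteA:security:authz:1.0:attr 
  
-[test04SAMLAttributeQueryInvalidAttrName] 
+[test04AttributeQueryInvalidAttrName] 
 uri = http://localhost:5000/AttributeAuthority/saml 
 subject = https://openid.localhost/philip.kershaw 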
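--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.py
@@ -12,4 +12,5 @@
 import logging 
 logging.basicConfig(level=logging.DEBUG) 
+import os 
 from datetime import datetime 
 from uuid import uuid4 
@@ -37,4 +38,6 @@
     """NDG Attribute Authority SAML SOAP Binding client unit tests""" 
     CONFIG_FILENAME = 'test_samlattributeauthorityclient.cfg' 
+    CONFIG_FILEPATH = os.path.join(os.environ['NDGSEC_AACLNT_UNITTEST_DIR'], 
+                                   CONFIG_FILENAME) 
      
     def __init__(self, *arg, **kw): 
@@ -46,6 +49,6 @@
         self.startSiteAAttributeAuthority(withSSL=True, port=5443) 
         
-    def test01SAMLAttributeQuery(self): 
-        _cfg = self.cfg['test01SAMLAttributeQuery'] 
+    def test01AttributeQuery(self): 
+        _cfg = self.cfg['test01AttributeQuery'] 
          
         attributeQuery = AttributeQuery() 
@@ -114,6 +117,6 @@
         print(prettyPrint(samlResponseElem)) 
               
-    def test02SAMLAttributeQueryInvalidIssuer(self): 
-        _cfg = self.cfg['test02SAMLAttributeQueryInvalidIssuer'] 
+    def test02AttributeQueryInvalidIssuer(self): 
+        _cfg = self.cfg['test02AttributeQueryInvalidIssuer'] 
          
         attributeQuery = AttributeQuery() 
@@ -154,6 +157,6 @@
             response.status.statusCode.value==StatusCode.REQUEST_DENIED_URI) 
                      
-    def test03SAMLAttributeQueryUnknownSubject(self): 
-        _cfg = self.cfg['test03SAMLAttributeQueryUnknownSubject'] 
+    def test03AttributeQueryUnknownSubject(self): 
+        _cfg = self.cfg['test03AttributeQueryUnknownSubject'] 
          
         attributeQuery = AttributeQuery() 
@@ -193,6 +196,6 @@
             response.status.statusCode.value==StatusCode.UNKNOWN_PRINCIPAL_URI) 
               
-    def test04SAMLAttributeQueryInvalidAttrName(self): 
-        thisSection = 'test04SAMLAttributeQueryInvalidAttrName' 
+    def test04AttributeQueryInvalidAttrName(self): 
+        thisSection = 'test04AttributeQueryInvalidAttrName' 
         _cfg = self.cfg[thisSection] 
          
@@ -220,5 +223,5 @@
  
         binding = SOAPBinding.fromConfig( 
-                     AttributeAuthoritySAMLInterfaceTestCase.CONFIG_FILENAME,  
+                     AttributeAuthoritySAMLInterfaceTestCase.CONFIG_FILEPATH,  
                      prefix='saml.',  
                      section=thisSection) 
@@ -294,6 +297,39 @@
          
         self.assert_(response.status.statusCode.value==StatusCode.SUCCESS_URI) 
- 
-         
+             
+    def test08AuthzDecisionQuery(self): 
+        _cfg = self.cfg['test02AuthzDecisionQuery'] 
+         
+        query = AuthzDecisionQuery() 
+        query.version = SAMLVersion(SAMLVersion.VERSION_20) 
+        query.id = str(uuid4()) 
+        query.issueInstant = datetime.utcnow() 
+         
+        query.issuer = Issuer() 
+        query.issuer.format = Issuer.X509_SUBJECT 
+        query.issuer.value = str( 
+                AttributeAuthoritySAMLInterfaceTestCase.VALID_REQUESTOR_IDS[0]) 
+                         
+        query.subject = Subject()   
+        query.subject.nameID = NameID() 
+        query.subject.nameID.format = EsgSamlNamespaces.NAMEID_FORMAT 
+        query.subject.nameID.value = _cfg['subject'] 
+ 
+        binding = SOAPBinding() 
+        binding.serialise = AuthzDecisionQueryElementTree.toXML 
+        binding.deserialise = ResponseElementTree.fromXML 
+        response = binding.send(query, _cfg['uri']) 
+ 
+        samlResponseElem = ResponseElementTree.toXML(response) 
+         
+        print("SAML Response ...") 
+        print(ElementTree.tostring(samlResponseElem)) 
+        print("Pretty print SAML Response ...") 
+        print(prettyPrint(samlResponseElem)) 
+         
+        self.assert_( 
+            response.status.statusCode.value==StatusCode.REQUEST_DENIED_URI) 
+ 
+        
 if __name__ == "__main__": 
     unittest.main() 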
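Review bot: `test08AuthzDecisionQuery` reads `self.cfg['test02AuthzDecisionQuery']`, a key that does not match the test name and is not among the sections visible in the `.cfg` changes of this changeset, so the lookup will probably fail before any request is sent. Rename the key to `'test08AuthzDecisionQuery'` and add that section with its `uri` and `subject`. As far as the hunk shows, the query carries no resource or action and the only assertion is `StatusCode.REQUEST_DENIED_URI`, so the test cannot tell a policy decision from a blanket refusal; a companion case that expects a permit for a known subject and resource would cover that. Separately, `CONFIG_FILEPATH` indexes `os.environ['NDGSEC_AACLNT_UNITTEST_DIR']` in the class body, which raises `KeyError` at import time when the variable is unset.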
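--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/__init__.py
@@ -9,9 +9,9 @@
 __contact__ = "Philip.Kershaw@stfc.ac.uk" 
 __revision__ = '$Id: $' 
-import unittest 
 import os 
 import paste.fixture 
 from paste.deploy import loadapp 
  
+from ndg.security.test.unit import BaseTestCase 
  
 class TestApp(object): 
@@ -28,13 +28,11 @@
  
  
-class SOAPAttributeInterfaceMiddlewareTestCase(unittest.TestCase): 
+class SoapSamlInterfaceMiddlewareTestCase(BaseTestCase): 
     HERE_DIR = os.path.dirname(os.path.abspath(__file__)) 
     CONFIG_FILENAME = 'test.ini' 
      
     def __init__(self, *args, **kwargs): 
-        wsgiapp = loadapp( 
-            'config:%s' % \ 
-                SOAPAttributeInterfaceMiddlewareTestCase.CONFIG_FILENAME,  
-            relative_to=SOAPAttributeInterfaceMiddlewareTestCase.HERE_DIR) 
+        wsgiapp = loadapp('config:%s' % self.__class__.CONFIG_FILENAME,  
+                          relative_to=self.__class__.HERE_DIR) 
          
         self.app = paste.fixture.TestApp(wsgiapp) 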
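--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/attribute-interface.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/attribute-interface.ini
@@ -18,5 +18,5 @@
  
 [app:TestApp] 
-paste.app_factory = ndg.security.test.unit.wsgi.saml.test_soapattributeinterface:TestApp 
+paste.app_factory = ndg.security.test.unit.wsgi.saml:TestApp 
  
 [filter:SAMLSoapAttributeInterfaceFilter] 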
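--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-decision-interface.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/authz-decision-interface.ini
@@ -18,5 +18,5 @@
  
 [app:TestApp] 
-paste.app_factory = ndg.security.test.unit.wsgi.saml.test_soapattributeinterface:TestApp 
+paste.app_factory = ndg.security.test.unit.wsgi.saml:TestApp 
  
 [filter:SAMLSoapAttributeInterfaceFilter] 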
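--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapauthzdecisioninterface.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/saml/test_soapauthzdecisioninterface.py
@@ -22,25 +22,26 @@
 from ndg.security.common.soap.etree import SOAPEnvelope 
 from ndg.security.common.saml_utils.esg import EsgSamlNamespaces 
- 
- 
-class SOAPAttributeInterfaceMiddlewareTestCase(unittest.TestCase): 
-    CONFIG_FILENAME = 'authz-decision-interface.ini 
- 
-    def _createAttributeQuery(self,  
+from ndg.security.test.unit.wsgi.saml import SoapSamlInterfaceMiddlewareTestCase 
+ 
+ 
+class SOAPAuthzDecisionInterfaceMiddlewareTestCase(unittest.TestCase): 
+    CONFIG_FILENAME = 'authz-decision-interface.ini' 
+ 
+    def _createAuthzDecisionQuery(self,  
                         issuer="/O=Site A/CN=Authorisation Service", 
                         subject="https://openid.localhost/philip.kershaw"): 
-        attributeQuery = AttributeQuery() 
-        attributeQuery.version = SAMLVersion(SAMLVersion.VERSION_20) 
-        attributeQuery.id = str(uuid4()) 
-        attributeQuery.issueInstant = datetime.utcnow() 
-         
-        attributeQuery.issuer = Issuer() 
-        attributeQuery.issuer.format = Issuer.X509_SUBJECT 
-        attributeQuery.issuer.value = issuer 
+        query = AttributeQuery() 
+        query.version = SAMLVersion(SAMLVersion.VERSION_20) 
+        query.id = str(uuid4()) 
+        query.issueInstant = datetime.utcnow() 
+         
+        query.issuer = Issuer() 
+        query.issuer.format = Issuer.X509_SUBJECT 
+        query.issuer.value = issuer 
                          
-        attributeQuery.subject = Subject()   
-        attributeQuery.subject.nameID = NameID() 
-        attributeQuery.subject.nameID.format = EsgSamlNamespaces.NAMEID_FORMAT 
-        attributeQuery.subject.nameID.value = subject 
+        query.subject = Subject()   
+        query.subject.nameID = NameID() 
+        query.subject.nameID.format = EsgSamlNamespaces.NAMEID_FORMAT 
+        query.subject.nameID.value = subject 
                                      
          
@@ -51,5 +52,5 @@
         fnAttribute.friendlyName = "FirstName" 
  
-        attributeQuery.attributes.append(fnAttribute) 
+        query.attributes.append(fnAttribute) 
      
         # special case handling for 'LastName' attribute 
@@ -59,5 +60,5 @@
         lnAttribute.friendlyName = "LastName" 
  
-        attributeQuery.attributes.append(lnAttribute) 
+        query.attributes.append(lnAttribute) 
      
         # special case handling for 'LastName' attribute 
@@ -68,15 +69,15 @@
         emailAddressAttribute.friendlyName = "emailAddress" 
  
-        attributeQuery.attributes.append(emailAddressAttribute)   
- 
-        return attributeQuery 
-     
-    def _makeRequest(self, attributeQuery=None, **kw): 
+        query.attributes.append(emailAddressAttribute)   
+ 
+        return query 
+     
+    def _makeRequest(self, query=None, **kw): 
         """Convenience method to construct queries for tests""" 
          
-        if attributeQuery is None: 
-            attributeQuery = self._createAttributeQuery(**kw) 
+        if query is None: 
+            query = self._createAuthzDecisionQuery(**kw) 
              
-        elem = AttributeQueryElementTree.toXML(attributeQuery) 
+        elem = AuthzDecusionQueryElementTree.toXML(query) 
         soapRequest = SOAPEnvelope() 
         soapRequest.create() 
@@ -106,6 +107,6 @@
      
     def test01ValidQuery(self): 
-        attributeQuery = self._createAttributeQuery() 
-        request = self._makeRequest(attributeQuery=attributeQuery) 
+        query = self._createAuthzDecisionQuery() 
+        request = self._makeRequest(query=query) 
          
         header = { 
@@ -123,7 +124,7 @@
         self.assert_(samlResponse.status.statusCode.value == \ 
                      StatusCode.SUCCESS_URI) 
-        self.assert_(samlResponse.inResponseTo == attributeQuery.id) 
+        self.assert_(samlResponse.inResponseTo == query.id) 
         self.assert_(samlResponse.assertions[0].subject.nameID.value == \ 
-                     attributeQuery.subject.nameID.value) 
+                     query.subject.nameID.value) 
  
     def test02AttributeReleaseDenied(self): 
@@ -149,5 +150,5 @@
  
     def test03InvalidAttributesRequested(self): 
-        attributeQuery = self._createAttributeQuery() 
+        query = self._createAuthzDecisionQuery() 
          
         # Add an unsupported Attribute name 
@@ -157,7 +158,7 @@
                                     XSStringAttributeValue.TYPE_LOCAL_NAME 
         attribute.friendlyName = "myAttribute" 
-        attributeQuery.attributes.append(attribute)      
-         
-        request = self._makeRequest(attributeQuery=attributeQuery) 
+        query.attributes.append(attribute)      
+         
+        request = self._makeRequest(query=query) 
            
         header = { 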
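Review bot: `_makeRequest` calls `AuthzDecusionQueryElementTree.toXML(query)`, a misspelling of `AuthzDecisionQueryElementTree` that raises `NameError` on the first request, and `_createAuthzDecisionQuery` still builds `AttributeQuery()` and appends attributes to it. With only the name fixed, the tests would therefore not exercise the authorisation decision path at all, since the middleware passes anything that is not an AuthzDecisionQuery downstream. Suggested lines are `query = AuthzDecisionQuery()` and `elem = AuthzDecisionQueryElementTree.toXML(query)`, with the attribute-building code replaced by the resource and action the decision is about. The class also still derives from `unittest.TestCase` although `SoapSamlInterfaceMiddlewareTestCase` is imported, so `CONFIG_FILENAME` appears never to be loaded unless that happens outside the visible hunks. Several of these methods begin or end outside the hunks shown.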